Press Release

Recorded Future: China-Linked Group RedEcho Targets the Indian Power Sector


Insikt Group Identified Ten Indian Power Sector Organizations As Key Targets

BOSTON — February 18, 2021 — Recorded Future, the world’s largest provider of intelligence for enterprise security, today revealed details of a cyber campaign conducted by a China-linked group, named RedEcho by Insikt Group, in a new report. Recorded Future’s large-scale automated network traffic analytics and expert analysis identified the threat group activity targeting the power sector in India.

Key findings from the report include:

  • Recorded Future’s Insikt Group identified RedEcho targeting 10 distinct Indian organizations in the power generation and transmission sector and two organizations in the maritime sector.
  • Insikt Group believes the targeting of these organizations poses significant concerns over potential pre-positioning of network access to support Chinese strategic objectives.
  • RedEcho has strong infrastructure and victimology overlaps with Chinese groups APT41/Barium and Tonto Team, while ShadowPad is used by at least 5 distinct Chinese groups.
  • The computer network operations (CNO) targeting of strategically important organizations in India from Chinese groups will likely continue in 2021 as the nation continues to exert influence over countries that are within the sphere of their Belt and Road Initiative (BRI) investment program.

“The impact of a cyber attack targeting the critical infrastructure of a country, whether for espionage or malicious activity, has the potential to be catastrophic with long-term repercussions. We have long seen cyber efforts from China aimed around strategic policies and initiatives, and this campaign from RedEcho is no exception. Accurate and actionable intelligence is vital for preempting such attacks and proactively disrupting adversaries both within an organization and across a nation.” — Dr. Christopher Ahlberg, CEO and Co-Founder, Recorded Future

To access the full report, go to: China-linked Group RedEcho Targets the Indian Power Sector Amid Heightened Border Tensions

For additional resources on Chinese threat activity groups, visit:

About Insikt Group
Recorded Future’s Insikt Group, the company’s threat research arm, is comprised of world-class subject-matter experts in technical threat intelligence and foreign adversary tactics, techniques, and procedures (TTPs), including analysts and security researchers with deep government and industry experience as well as native foreign-language skills.

About Recorded Future
Recorded Future is the world’s largest provider of intelligence for enterprise security. By combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future delivers intelligence that is timely, accurate, and actionable. In a world of ever-increasing chaos and uncertainty, Recorded Future empowers organizations with the visibility they need to identify and detect threats faster; take proactive action to disrupt adversaries; and protect their people, systems, and assets, so business can be conducted with confidence. Recorded Future is trusted by more than 1,000 businesses and government organizations around the world. Learn more at and follow us on Twitter at @RecordedFuture.